-rw-r--r-- | packages/server/src/attestation/verifyAttestationResponse.ts | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/packages/server/src/attestation/verifyAttestationResponse.ts b/packages/server/src/attestation/verifyAttestationResponse.ts
index 374b79b..2ebf8d5 100644
--- a/packages/server/src/attestation/verifyAttestationResponse.ts
+++ b/packages/server/src/attestation/verifyAttestationResponse.ts
@@ -61,7 +61,7 @@ export default function verifyAttestationResponse(options: Options): VerifiedAtt
 const clientDataJSON = decodeClientDataJSON(response.clientDataJSON);
- const { type, origin, challenge } = clientDataJSON;
+ const { type, origin, challenge, tokenBinding } = clientDataJSON;
 // Make sure we're handling an attestation
 if (type !== 'webauthn.create') {
@@ -81,6 +81,16 @@ export default function verifyAttestationResponse(options: Options): VerifiedAtt
 throw new Error(`Unexpected attestation origin "${origin}", expected "${expectedOrigin}"`);
 }
+ if (tokenBinding) {
+ if (!(tokenBinding instanceof Object)) {
+ throw new Error(`Unexpected value for TokenBinding "${tokenBinding}"`);
+ }
+
+ if (['present', 'supported', 'not-supported'].indexOf(tokenBinding.status) < 0) {
+ throw new Error(`Unexpected tokenBinding.status value of "${tokenBinding.status}"`);
+ }
+ }
+
 const attestationObject = decodeAttestationObject(response.attestationObject);
 const { fmt, authData, attStmt } = attestationObject; |
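Review bot: The `if (tokenBinding)` guard added in the second hunk skips validation for every falsy value, so a client-supplied clientDataJSON carrying `tokenBinding: 0`, `""`, `false` or `null` is treated as if the member were absent; `if (tokenBinding !== undefined) {` would route those into the type check and reject them. The block also checks shape only: when `status` is `present`, the `id` member is neither required nor compared with the Token Binding ID of the connection the response arrived on, so passing this check does not show the credential was bound to the channel. A comment above the block such as `// Shape check only: tokenBinding.id is not compared with the connection's Token Binding ID` would stop callers from assuming more. The body of verifyAttestationResponse starts and ends outside the hunk, so any later use of `tokenBinding` is not visible here.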